package com.spring.arch.uaa.oauth2.service;

import com.spring.arch.common.security.SecurityProperties;
import com.spring.arch.uaa.model.OauthClient;
import com.spring.arch.common.security.SecurityProperties;
import com.spring.arch.uaa.model.OauthClient;
import com.spring.arch.uaa.repository.OauthClientRepository;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Primary;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.ClientRegistrationException;
import org.springframework.security.oauth2.provider.client.BaseClientDetails;
import org.springframework.stereotype.Service;
import org.springframework.util.StringUtils;

/**
 * 客户端信息服务
 *
 * @author sunyx
 */
@Slf4j
@Service
@Primary
@EnableConfigurationProperties(SecurityProperties.class)
public class OauthClientDetailsServiceImpl implements ClientDetailsService {
    @Autowired
    private OauthClientRepository oauthClientRepository;
    @Autowired
    private SecurityProperties securityProperties;

    @Override
    public ClientDetails loadClientByClientId(String clientId) throws ClientRegistrationException {

        OauthClient client = oauthClientRepository.findById(clientId)
                .orElseThrow(() -> new IllegalStateException("没有找到clientId: " + clientId));

        String resourceIds = StringUtils.collectionToCommaDelimitedString(client.getResourceIds());
        String scopes = StringUtils.collectionToCommaDelimitedString(client.getScope());
        String grantTypes = StringUtils.collectionToCommaDelimitedString(client.getAuthorizedGrantTypes());
        String authorities = StringUtils.collectionToCommaDelimitedString(client.getAuthorities());

        BaseClientDetails base = new BaseClientDetails(client.getClientId(),
                resourceIds, scopes, grantTypes, authorities);
        base.setClientSecret(client.getClientSecret());

        Integer accessTokenValiditySeconds = securityProperties.getAuth().getDefaultAccessTokenTimeout();
        if (accessTokenValiditySeconds == null) {
            accessTokenValiditySeconds = client.getAccessTokenValiditySeconds();
        }
        base.setAccessTokenValiditySeconds(accessTokenValiditySeconds);

        Integer refreshTokenValiditySeconds = securityProperties.getAuth().getDefaultRefreshTokenTimeout();
        if (refreshTokenValiditySeconds == null) {
            refreshTokenValiditySeconds = client.getRefreshTokenValiditySeconds();
        }
        base.setRefreshTokenValiditySeconds(refreshTokenValiditySeconds);
        base.setAdditionalInformation(client.getAdditionalInformation());
        base.setAutoApproveScopes(client.getScope());
        return base;
    }
}